--- title: Amazon social identity provider description: Amazon as a social identity provider requires access over secure HTTP (HTTPS). component: pingidm version: 7.5 page_id: pingidm:self-service-reference:social-providers/section-amazon-social canonical_url: https://docs.pingidentity.com/pingidm/7.5/self-service-reference/social-providers/section-amazon-social.html keywords: ["Configuration", "Authentication", "Social Authentication", "Self-Service", "User Self-Service", "Social Identity"] section_ids: cdm-amazon-setup: Set up Amazon cdm-amazon-socialID: Configure an Amazon social identity provider cdm-amazon-userreg: Configure user registration to link to Amazon appendix-amazon-social: Amazon social identity provider configuration details --- # Amazon social identity provider | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Social authentication is deprecated and will be removed in a future release of IDM. For more information, refer to [Deprecation](../../release-notes/deprecated-functionality.html#deprecated-standalone-socialid-auth). | | | | | - | ------------------------------------------------------------------------------ | | | Amazon as a social identity provider requires access over secure HTTP (HTTPS). | ## Set up Amazon To set up Amazon as a social identity provider, first [Register for Login With Amazon](https://developer.amazon.com/docs/login-with-amazon/register-web.html). You will need an Amazon account. Then, [create a security profile](https://developer.amazon.com/docs/login-with-amazon/register-web.html#create-a-new-security-profile). You will need the following information: * Security Profile Name (The name of your app) * Security Profile Description * Consent Privacy Notice URL * Consent Logo Image (optional) When complete and saved, you should see a list of security profiles with `OAuth2` credentials. You should be able to find the `Client ID` and `Client Secret` from this screen. You still need to configure the web settings for your new Security Profile. From the Amazon Developer Console dashboard, select Apps and Services > Login with Amazon, then select Manage > Web Settings. In the `Web Settings` for your app, you'll need to set either of the following properties: * Allowed Origins, which should match the URL for your registration page, such as `https://openidm.example.com:8443` * Allowed Return URLs, which should match the redirect URIs described in [Configure an Amazon Social Identity Provider](#cdm-amazon-socialID). You may refer to URIs such as `https://openidm.example.com:8443/`. ## Configure an Amazon social identity provider To configure an Amazon social identity provider using the admin UI: 1. From the navigation bar, click Configure > Social ID Providers. 2. On the Social Identity Providers page, enable Amazon. 3. In the Amazon Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, refer to [Amazon Social Identity Provider Configuration Details](#appendix-amazon-social). After you save the social identity provider configuration, IDM generates a `conf/identityProvider-amazon.json` file: ```json { "provider" : "amazon", "authorizationEndpoint" : "https://www.amazon.com/ap/oa", "tokenEndpoint" : "https://api.amazon.com/auth/o2/token", "userInfoEndpoint" : "https://api.amazon.com/user/profile" "enabled" : true, "clientId" : "", "clientSecret" : { "$crypto" : { "type" : "x-simple-encryption", "value" : { "cipher" : "AES/CBC/PKCS5Padding", "stableId" : "openidm-sym-default", "salt" : "", "data" : "", "keySize" : 16, "purpose" : "idm.config.encryption", "iv" : "", "mac" : "" } } }, "scope" : [ "profile" ], ... ``` The file includes `schema` information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you've registered a user with an Amazon social identity, you can verify this by selecting Manage > Amazon, and then selecting a user. Another part of the file includes a `propertyMap`, which maps user information entries between the `source` (social identity provider) and the `target` (IDM). If you need more information about the properties in this file, refer to [Amazon Social Identity Provider Configuration Details](#appendix-amazon-social). ## Configure user registration to link to Amazon Once you've configured the Amazon social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, refer to [IDM user interface](../../setup-guide/chap-ui.html). When you enable Social Registration, you're allowing users to register on IDM through all active social identity providers. ## Amazon social identity provider configuration details You can set up the Amazon social identity provider through the admin UI or in a `conf/identityProvider-amazon.json` file. IDM generates the `identityProvider-amazon.json` file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually. The following table includes the information shown in the admin UI Amazon Provider pop-up window, along with associated information in the `identityProvider-amazon.json` file: **Amazon social identity provider configuration properties** | Property (UI) | Property (JSON file) | Description | | ---------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Client ID | `clientId` | The client identifier for your Amazon App | | Client Secret | `clientSecret` | Used with the Client ID to access the applicable Amazon API | | Scope | `scope` | An array of strings that allows access to user data; refer to Amazon's [Customer Profile](https://developer.amazon.com/public/apis/engage/login-with-amazon/docs/customer_profile.html) Documentation. | | Authorization Endpoint | `authorizationEndpoint` | Typically `https://www.amazon.com/ap/oa`. | | Token Endpoint | `tokenEndpoint` | Endpoint that receives a one-time authorization code, and returns an access token; typically `https://api.amazon.com/auth/o2/token` | | User Info Endpoint | `userInfoEndpoint` | Endpoint that transmits scope-related fields; typically `https://api.amazon.com/user/profile` | | Not in the admin UI | `name` | Name of the social identity provider | | Not in the admin UI | `type` | Authentication module | | Not in the admin UI | `authenticationId` | Authentication identifier, as returned from the User Info Endpoint for each social identity provider | | Not in the admin UI | `propertyMap` | Mapping between Amazon and IDM | For information on social identity provider buttons and badges, refer to [Social identity provider button and badge properties](appendix-social-badges.html).